Apple, Google and Microsoft speed up password burial


According to a report by cybersecurity specialist Verizon, in 80% of cases account hacking comes down to a weak, easy-to-find password. There are good password managers that strengthen security by remembering complex, impossible-to-memorize passwords. But soon we will be able to rely on the fruit of a rather unexpected alliance between Apple, Google and Microsoft to increase security.

The three high-tech giants have joined forces to create a secure, passwordless sign-in, whether on mobile phones, on computers or through browsers. They will ensure that their products support the passwordless login standard of the Fido Alliance (Fast Identity Online) and the World Wide Web Consortium. A fingerprint, a face scan or a PIN will be the new universal "open sesame" to unlock your device and find your data.

An alliance of convenience to enhance security

The system is all the more practical because when you change smartphones, for example, you no longer need to log in with your username and password the first time. The three companies integrated the components needed to support the Fido2 standard some time ago, but for now it is still mandatory to log into accounts at least once by entering credentials.

With the new system, in which identification is activated solely by biometrics, it becomes very difficult for hackers to steal a user account. According to the trio, this passwordless standard will be implemented within a year and will work equally well on macOS and its Safari browser, Android with Chrome, or Windows and Edge.

Outdated, passwords will disappear

Behind the name WebAuthn lies a new standard that proposes to abandon passwords in favor of biometrics or secure USB keys.

Article by Fabrice Auclert, published on

The W3C (World Wide Web Consortium), the leading organization that governs web standards, and the Fido Alliance (Fast Identity Online), an association of companies committed to securing the web, have just announced approval of the Web Authentication specification, also known as WebAuthn, which makes it possible to do away with passwords on websites.

These two organizations have teamed up to solve a major security problem: passwords. Internet users have many accounts on different websites, each with its own password. Faced with the difficulty of creating and remembering so many different passwords, they often leave the default passwords in place, opt for passwords that are easy to remember, such as “1234”, or even use the same one everywhere. These passwords are then vulnerable to simple attacks, or can be recovered by infecting the victim’s computer. If the person used the same credentials for multiple accounts, they can all be compromised.

Early adoption

There are a few solutions to increase security, such as password managers or multi-factor authentication with, for example, an SMS confirmation code, but in the long run this is not enough. The new Fido2 protocol provides enhanced security and simplifies use by eliminating passwords. Specifically, it consists of two elements. The first is authentication by means of a biometric system (such as a fingerprint reader or a camera), but also a mobile device or a Fido USB security key. The second element is the WebAuthn API, which notably lets browsers and websites communicate securely to carry out the identification.

Major browsers had already anticipated the adoption of WebAuthn. Mozilla integrated the API into version 60 of its Firefox browser, released in May 2018. Google followed suit just a few days later with version 67 of Chrome, followed by Microsoft with its Edge browser and Apple with Safari. This new standard is supported on Windows 10 and Android.

A more convenient system and enhanced security

The standardization of WebAuthn, which makes the Fido2 system available to all websites, brings several advantages. Identifiers are unique to each website and no secret information is exchanged. It does not transmit any passwords or biometrics. It is therefore not possible to obtain them by phishing, and even if one account is compromised, that does not give access to the victim’s other accounts.

In addition, registration creates a unique identifier for each website. This improves privacy, as it makes it impossible to track a user from one site to another. Finally, the process is very easy to implement and quick to use. Sites must use the WebAuthn API, which is standardized. Users don’t have to enter their username and password; they just need to activate their identification system, for example by putting their finger on the fingerprint reader.
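The properties described above (a separate key pair per website, no secret sent to the server, resistance to phishing) can be seen in a simplified model of a WebAuthn login. This is an added example, not code from the article or from the Fido Alliance; it runs in Node.js, leaves out the browser API and attestation, and the names `Authenticator`, `verifyAssertion`, `demo` and the `*.example` sites are assumptions made for illustration.

```javascript
const crypto = require("crypto");
const sha256 = (d) => crypto.createHash("sha256").update(d).digest();
// Authenticator: one key pair per website (RP ID); private keys never leave it.
class Authenticator {
  constructor() { this.keys = new Map(); }
  register(rpId) {
    const { publicKey, privateKey } = crypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
    this.keys.set(rpId, privateKey);
    return publicKey; // the site stores only this public key
  }
  sign(rpId, origin, challenge) {
    const key = this.keys.get(rpId);
    if (!key) return null; // no credential was ever created for this site
    const clientDataJSON = Buffer.from(JSON.stringify(
      { type: "webauthn.get", challenge: challenge.toString("base64url"), origin }));
    // authenticatorData: SHA-256(rpId) || flags (UP|UV) || 4-byte signature counter
    const authData = Buffer.concat([sha256(rpId), Buffer.from([0x05, 0, 0, 0, 1])]);
    const signature = crypto.sign("sha256", Buffer.concat([authData, sha256(clientDataJSON)]), key);
    return { clientDataJSON, authData, signature };
  }
}

// Relying party (website): checks made before a login is accepted.
function verifyAssertion(a, { publicKey, challenge, origin, rpId }) {
  if (!a) return false;
  const c = JSON.parse(a.clientDataJSON.toString());
  if (c.type !== "webauthn.get") return false;
  if (c.challenge !== challenge.toString("base64url")) return false; // stale or replayed
  if (c.origin !== origin) return false; // produced on another site
  if (!a.authData.subarray(0, 32).equals(sha256(rpId))) return false;
  const signed = Buffer.concat([a.authData, sha256(a.clientDataJSON)]);
  return crypto.verify("sha256", signed, publicKey, a.signature);
}

function demo() { // constructed sample sites, not real services
  const auth = new Authenticator();
  const bankKey = auth.register("bank.example"), shopKey = auth.register("shop.example");
  const challenge = crypto.randomBytes(32);
  const rp = { publicKey: bankKey, challenge, origin: "https://bank.example", rpId: "bank.example" };
  const good = auth.sign("bank.example", "https://bank.example", challenge);
  const der = (k) => k.export({ type: "spki", format: "der" });
  return {
    legit: verifyAssertion(good, rp),
    lookalike: verifyAssertion(auth.sign("bank-login.example", "https://bank-login.example", challenge), rp),
    wrongOrigin: verifyAssertion(auth.sign("bank.example", "https://bank-login.example", challenge), rp),
    replay: verifyAssertion(good, { ...rp, challenge: crypto.randomBytes(32) }),
    distinctKeys: !der(bankKey).equals(der(shopKey)),
  };
}
console.log(demo());
```

Only the legitimate login verifies; the look-alike site has no credential to ask for, and a signature bound to the wrong origin or to an old challenge is rejected by the server.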
